[dns-operations] Limiting DNSSEC-based amplification attacks (Was: Weird TXT record

Ray Bellis Ray.Bellis at nominet.org.uk
Wed Jun 22 09:43:35 UTC 2011


On 22 Jun 2011, at 09:32, Dobbins, Roland wrote:

> iptables in front of any server, especially a DNS server, is a self-DoS waiting to happen.

Not if you have working ip6tables at the same time.

If you b0rk your main iptables you can still get in via IPv6 ;-)

Ray



